Re: Session treating

Ashley Sheridan <ash@xxxxxxxxxxxxxxxxxxxx> · Sun, 31 Jul 2011 18:46:23 +0100

Andre Polykanine <andre@xxxxxxxx> wrote:

>Hi guys and girls,
>I'm completely stuck at a really stupid thing.
>For some reason my session id doesn't pass through the links.
>
>Here is the code:
>
>index.php:
>
><?php
>// Checking if the admin was ever authorized
>if ($_SESSION['PSS']!=session_id()) $auth=0; else $auth=1;
>if ($_SESSION['Editor']!="Voice of Istanor") $auth=0; else $auth=1;
>
>if ($auth==0) {
>if (!@$_POST) {
>// If there's no POST values, including the login form
>include "login.php";
>// For debugging only, outputs: "Session name: PHPSESSID, session id:
>";
>printf("Session name: %s, Session Id: %s", session_name(),
>session_id());
>} else {
>// Here go real values
>if (($_POST['uname']!="Tralala") ||
>(sha1($_POST['upass'])!="abcdeftralala")) {
>echo "<h3>Invalid login or password!</h3>";
>include "login.php";
>} else {
>// Attention!
>session_name("PalantirSessId");
>session_start();
>// Everything goes Ok here
>printf("Session name: %s, Session Id: %s", session_name(),
>session_id());
>$_SESSION['PSS']=session_id();
>$_SESSION['Editor']=$_POST['uname'];
>$auth=1;
>}
>}
>}
>
>if ($auth==1) {
>echo "<!DOCTYPE HTML><html>
><head>
><meta charset=\"utf-8\">
></head>
><body bgcolor=#CCBBFF>";
>include "header.html";
>// Still ok! the same name, the same Id
>printf("Session name: %s, Session Id: %s", session_name(),
>session_id());
>  
>                                       end of code.
>
>But now go the links such as
><a href="articles.php">Articles management</a>
>
>And there, in the articles.php, I write the following:
>
><?php
>session_name("PalantirSessId");
>session_start();
>printf("Session name: %s, Session Id: %s", session_name(),
>session_id());
>
>And here (!) the session name is correct, but the session id is
>changed.
>My question is: why?
>Thanks!
>
>-- 
>With best regards from Ukraine,
>Andre
>Skype: Francophile
>Twitter: http://twitter.com/m_elensule
>Facebook: http://facebook.com/menelion
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php

One thing sticks out a little bit to me. In your index.php file, you're accessing an element of the $_SESSION array, but without calling session_start() first. I believe this may be causing the issue you are seeing.

Thanks,
Ash
http://www.ashleysheridan.co.uk
-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php